Complain about a product or service

Connecticut Sues Accenture Over Lost Data

Lawsuit alleges contractor lost taxpayer data in connection with Ohio data breach

by Martin H. Bosworth
ConsumerAffairs.com

September 21, 2007

The civil complaint alleges that Accenture had removed the information from Connecticut's computer system without permission, which was later downloaded onto a security tape in Ohio and stolen from the car of an intern working for Ohio's state government.

State Attorney General Richard Blumenthal filed the suit on behalf of the state's comptroller, Nancy Wyman, whose office oversaw a $98 million contract with Accenture to develop the state's "Core-CT" computerized payroll, inventory, and accounting system.

"Accenture deserves censure -- to be held accountable for allowing valuable secret data to be stolen and putting at risk state taxpayers, bank accounts and purchasing cards," Blumenthal said.

"Transferring this data to Ohio is inexplicable and inexcusable," Blumenthal said. "Confidential information can have the value of cash -- especially in the wrong hands -- but Accenture treated it like scrap paper. Its breach of contract and negligence exposed state taxpayers to identity theft and other harm."

Although the Ohio data breach occurred in June, Wyman's office was not notified that the missing data tape contained information on Connecticut citizens until September 4. Connecticut governor M. Jodi Rell announced that an investigation by the state's IT department found that the missing tape contained nearly all of Connecticut's state agency bank account numbers, and that state agencies were undertaking numerous security measures to ensure that the accounts had not been illegally accessed or tampered with.

“Like a citizen whose wallet has been stolen, our first priority had to be safeguarding the information that was missing – and that’s just what we have done,” Rell said.

“Now we need to start adding up the expenses we incurred in taking those actions and provide those figures to the Attorney General so that he can recover those costs from Accenture...At the same time, we must ratchet up security to make sure this never happens again."

Wyman's office has arranged for two years of free identity theft protection and insurance for the 58 taxpayers affected by the breach. Connecticut officials said there was no indication that the information had been used for identity theft or fraud as of yet.

Breach Background

Accenture had been hired by the Ohio state government to develop a payroll and inventory system similar to Core-CT. The information was apparently removed from the Core-CT system and later transferred to a data tape given to a 22-year-old intern to back up and take home, which led to the theft of the tape from his car.

The Ohio data breach was originally reported as affecting 64,000 Ohio state workers. Further investigation found the tape contained data on nearly 1 million taxpayers, welfare recipients, state employees, and lottery winners. The state may have to spend up to $2 million to pay for identity theft protection and breach notification letters.

Accenture had previously sent the personal data of 1200 Transportation Security Administration employees to the wrong addresses, while working on a contract for the government agency.

Blumenthal had previously requested information from pharmaceutical giant Pfizer on the first of several data breaches that had affected Connecticut citizens. Blumenthal criticized Pfizer for not notifying state authorities of the breach in a timely fashion.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

Back to the top |